Data Privacy Guidelines on Flexible Learning

The following guidelines provide the framework in the conduct of flexible learning to ensure compliance with Republic Act 10173 or the Data Privacy Act of 2012 (DPA), other applicable laws and University policies and guidelines.

These guidelines supplement existing policies and guidelines that include, among others, the following:

  1. Intellectual Property Code of the Philippines (Republic Act 8293)
  2. Policies and Guidelines on Student Behavior during Online and Correspondence-based Learning
  3. Implementing Guidelines on Online-Based Learning (OBL) and Correspondence-Based Learning (CBL) for AY 2021-2022
  4. Privacy Policy for Students and Students Applicants Seeking for Admission in SLU
  5. Distance Learning Code of Discipline for Pupils
  6. Child Protection Policy
  7. General Guidelines for Teachers
  8. Special Guidelines for the Recognition / Renewal of Recognition of Student Organizations / Publications for AY 2021- 2022 and Conduct of Activity
  9. Data Privacy Guidelines on the Use of Social Media and Other Digital Platforms

A. Use of Official Online Learning Platforms
The University provides and enjoins the use of Official Learning Platforms. The following are the official online learning platforms (OLP) of the University for the Academic Year 2021-2022. The existing guidelines, will be carried out for any subsequent changes in the official platforms.

Level LMS Written Communication Audio/Video Communication
Elementary AraLinks SLU email accounts
FB Messenger Group Chat with Parents
Google Meet
Junior High School AraLinks SLU email accounts Google Meet
Senior High School Genyo SLU email accounts Google Meet
Tertiary Google Workspace SLU email accounts
Google Chat
GWS Comments
SLU Portal Announcements
Google Meet

  1. Google Workspace, formerly GSuite, is the current official platform used for institutional email accounts and OBL. The use of the private and secure set of applications in Google Workspace is highly recommended. This includes, but is not limited to, collaborative productivity tools, Chat, Spaces (asynchronous group collaboration and file-sharing), Jamboard (interactive whiteboard), and others.
  2. The Technology Management and Development Department (TMDD) is responsible for ensuring that any Personal Data stored and processed through the utilization of the above tools are covered by security mechanisms in accordance with the DPA.
  3. The Data Protection Office (DPO) is in charge of ensuring compliance of all units with the provisions of the DPA.
  4. The utilization of other online applications, tools or services, and other resources, apart from the above official online learning platforms should be duly approved by the respective heads of office and TMDD.
  5. Any announcement or posting that involves Personal Data (e.g., grades, assignment results, feedback) should be made such that the data is accessible only by its intended recipients.
  6. Student requirements should be submitted primarily through the official platforms. Should submission via other digital platforms be allowed, the faculty in charge should ensure the protection of these requirements. The faculty member concerned must inform his/her immediate head of office of the other platforms being utilized prior to its use. Upon evaluation by the head of office, the faculty may be required to conduct a Privacy Impact Assessment (PIA) for the application used. The PIA can be accomplished in coordination with the DPO.

B. Storage, processing, use and destruction of Personal Data collected in the conduct of a course

  1. All personal data collected by the faculty and other authorized personnel during the conduct of a course (e.g., grades, class records), whether delivered using OBL or CBL modes, should be stored in a secure manner. The observance of clean desk and workspace practices in order to ensure the physical security of the documents must be complied with at all times. All data collected and stored should only be accessed by the intended viewers and processors of the data.
  2. Electronic files that contain personal data must be stored primarily using the cloud storage features of the official learning platforms (e.g., Google Drive). All personnel who use other storage devices (e.g., USB drives, thumb drives) are responsible for ensuring the physical security of these devices.
  3. The faculty in charge of a class should ensure that all submitted course requirements, whether in printed or electronic form, are stored in a secure manner.
  4. The SLU official accounts and platforms should be the primary means used by personnel and students in the processing of electronic course-related information. Should other platforms be utilized, this must be communicated properly to the head of office. The personnel concerned are responsible for ensuring that data protection measures are in place. A Privacy Impact Assessment (PIA) may have to be conducted as deemed necessary by the head of office.
  5. All personal data collected and processed during the conduct of a course should be retained only for as long as these are necessary and should be deleted or disposed of in a secure manner within a reasonable time.

C. Use of cameras of and recording of online discussions

  1. Some online classes or academic activities may require the use of cameras (e.g., attendance, engagement with students, presentations, oral defense, etc). The faculty must inform the class of such a requirement and its purpose in the context of the online meeting or activity. It is highly recommended that students and faculty use virtual backgrounds while on camera in order to maintain the privacy of their surroundings. A minimalist or plain background with colors that make the participant stand out is suggested. It should be appropriate to the classroom setting. A standard background for the entire class may also be prescribed by the faculty in charge.
  2. Recording of online classes and other academic activities are generally done by the faculty for the benefit of those who are not present during the synchronous activity. Classes may also be recorded for the purpose of documentation, student assessment, syllabus or topic reviews, faculty evaluation and other legitimate purposes. The distribution of these recordings must be compliant with existing policies on such (e.g., Implementing Guidelines on Online-Based Learning (OBL) and Correspondence-Based Learning (CBL) for AY 2021-2022, Distance Learning Code of Discipline for Pupils, General Guidelines for Teachers).
  3. Recording of online academic activities for purposes other than the aforementioned are bound by the principles of transparency, legitimate purpose and proportionality. Participants must be informed of this purpose and permission must be requested from those who were present in the recorded activities and/or their parents or guardians (in the case of minors).
  4. Posting of recorded sessions, class discussions and presentations and making them available on public platforms must adhere to the principles of transparency, legitimate purpose and proportionality. Affected individuals should be informed about the intention to make the recording public. The appropriate consent from the affected data subjects or their parents/guardians (in the case of minors) must be obtained prior to such posting. (This also covers online posting of photos captured during online sessions.)
  5. Students should not record or take photos of online sessions without the explicit permission of the faculty in charge. The granting of permission by the faculty is subject to the principles of transparency, legitimate purpose and proportionality. Consent should likewise be obtained from all
    affected individuals or their parents/guardians (in the case of minors). Any recordings made accessible to students are subject to the guidelines on public postings (Data Privacy Guidelines on the Use of Social Media and Other Digital Platforms).

D. Use of instructional materials

  1. Instructional materials refer to modules, examinations, subject or course guides, activity guides, photos, videos, audio materials and other related resources that are used during the conduct of a course/class. The reproduction, distribution to entities other than its intended viewers, publishing online, or transmission in any form or by any means, in whole or in part, are strictly prohibited, unless consent is obtained from the faculty. Violations of this guideline may be deemed as violations of the DPA and/or the Intellectual Property Code of the Philippines and as such will be sanctioned accordingly.
  2. The above guideline applies to any instructional materials utilized in classes for both OBL and CBL modes of delivery.

E. Proper care of data and physical items that contain them

  1. All personnel are expected to protect their accounts (e.g., email) and passwords used to access applications and devices.
  2. Extra care must be taken by everyone to physically protect and secure his/her work computers, personal computers, laptops and other devices.